Cyber FYI

What’s Covered and How Much Does It Cost?

Joseph L. Petrelli, ACAS, ASA, MAAA, FCA, President, Demotech, Inc.

When providing insurance quotations from several markets for an existing insured or a potential new client “What’s covered” and “How much does it cost” are the two questions an insurance agent or broker are asked most often. Whether you are focused on personal lines customers, commercial accounts, life or health products evaluating the relative value of insurance coverage in exchange for the premium can be difficult to explain.

Agents and brokers are faced with the requirement of comparing coverage and premium cost options on a simplified and easy to understand basis to their clients. Each policy has multiple variables reflected in insuring agreement, definitions, terms and conditions and exclusions, along with different limits, deductible and premium amount – complications abound.

We have the answer!

Insurance Policy Metrics performs a hypothetical claim simulation for each unique account and produces a numerical factor from 1 to 1,000 that analyzes all the variables in each policy to determine the best value for your client. Different insurance policies, such as BOP, professional liability, builder’s risk, etc. can be reviewed on a consistent basis. IPM can also be used for emerging new products, such as cyber liability insurance, which is particularly challenging.

Insurance Data Logic, a development company started in conjunction with John Vassilliw, an insurance veteran of over 25 years, has simplified the process of insurance policy comparison by developing Insurance Policy Metrics. Equally important, rather than wade into the shallow end of the pool to review and analyze standardized personal lines products, we have jumped into the deep end to initially assist buyers and sellers of cyber liability and data breach insurance coverage.

The purpose of Insurance Policy Metrics (IPM) is to enable the user of IPM to compare different insurance policies on a consistent and standardized basis that specifically addresses the differences in the insuring agreement, definitions, terms, conditions, exclusions, limits, deductibles, co-insurance, premium and other critical policy and coverage conditions for each policy and quotation. For cyber insurance, the IPM data processing utilizes independent coverage counsel, underwriting expertise and actuarial personnel to evaluate how each policy would respond to a diverse group of different cyber attack incidents and potential claims based on type of company, size and location. IPM can assist buyers, sellers and providers in making rational business and insurance decisions. Although the IPM score is simple in concept, it is comprehensive in its hundreds of internal calculations. It is a business process patent pending with the United States Patent and Trademark Office via application number 14/962,794.


For the IPM calculation, the cash inflows of each specific policy include the claim payment, if any, and loss adjustment cost. Cash outflows consist of the premium, deductible, retention, co-payments, amounts not payable above policy sub-limits and aggregate limit, and all other amounts relative to a cyber attack, which are not covered by the policy. The IPM metric combines the coverage opinion prepared by counsel with underwriting and actuarial information related to claim severity (cost) and frequency (probability) to compute a numerical index ranging from 0 to 1,000 for each account and policy. The higher the IPM score of a particular policy the better a relative value for an insurance purchase.

All cyber attacks and losses are not covered by each cyber policy. The types of attacks that might be manifested by hackers also reflect both a frequency (probability) and severity (cost) component; i.e., lost laptop, misplaced USB, stolen personal records, denial of service, system virus, data ransom, etc. The probability of loss and potential loss is based upon the industry segment of the buyer, geographical location of the company and the size of the insured’s company.

The IPM score provides insight for the producer, the risk manager, the carrier and the carrier’s reinsurers. Agents and brokers, risk managers and underwriters will have an independent and standardized approach to compare policies and quotations enabling an astute broker to evaluate competitive policies, e.g., coverage/price ratio, thereby substituting a degree of underwriting, claims and actuarial judgment to insurance purchasing decisions. In addition to providing market intelligence to producers and underwriters, the evaluation of a specific array of incidents on a policy by policy basis provides the risk manager with a better understanding of risk management for cyber risk in his company or organization – either large or small.

In the simple example outline below, four insurers are competing for the business of an insured. The price differential is substantial. The IPM factor has calculated the coverage and pricing variables within each policy into the IPM index for each policy. Rather than compete on price, Insurer D has offered broader policy provisions, relative to Insurers A, B and C as evidenced by the IPM assigned to the policy. Remember, the IPM is one component in reaching a decision. Other considerations include financial condition, claim paying, business relationship, etc.

Contact me for additional information. Our phone number is (614) 526-2161. My email is jpetrellia [at]

Print Friendly
Cyber Attacks Map